Please help and respond soon!
I’ve spent hours on this today. Perhaps I’m just missing something basic.
If I leave out the client id, and all the stuff I NEED to be able to set, it does indeed work and redirect… but I don’t see the token in the HTTP headers… why?
If I DO set the client id, then I can’t redirect at all (session is undefined) and the token is returned in res (I don’t want that).
I don’t want JS to have access to the token, I want it to be set as a secure http only cookie and then to retrieve it in the headers at my redirect URL.
Isn’t okta supposed to be able to do this?
HOW in the heck do I get this thing to just redirect to my URL and have the token appear in as an http only cookie??